AdGuard Home setup guide

--- Quote from: twitch86 on June 28, 2022, 10:58:03 am ---Hi Guys,

I followed this guide, but I have one problem.

I cannot fetch firmware updates/plugins anymore.
I need to set a DNS server under General and tick "Do not use the local DNS service as a nameserver for this system"
to make my system fetch these.

--- End quote ---

I ran into this problem also. I think it is caused by only selecting the LAN interface during the initial AdGuard setup. My thinking was "why would I want to have DNS on the WAN?" I guess the answer is that, without it, OPNsense doesn't get DNS. Maybe it could have also been fixed by putting the router IP in the OPNsense GUI? Anyway, I fixed it by editing the AdGuardHome.yaml file.

--- Code: ---# Different network interfaces.
    - ''
    - ''

--- End code ---


Hello Guys,

First of all, a big thank you to @yeraycito for your tutorial!

I have some additional steps for the tutorial, if you want to use a wildcard certificate from the acme client and a domain name in your local network.
I couldn't get the AdGuard web UI with SSL working on the domain name from OPNsense. My goal was to use the web UI like this: https://opnsense.your-local-domain.tld or on another port like opnsense.your-local-domain.tld:4443 with an SSL wildcard certificate.

OPNsense 22.7.4 install:

1 - Activate mimugmail's community repository

2 - Install AdGuardHome from System --> Firmware --> Plugins

3 - OPNsense - System - Settings - General

      DNS Servers: empty

      Untick: Do not use the local DNS service as a nameserver for this system

      Untick: Allow DNS server list to be overridden by DHCP/PPP on WAN

4 - Services – DHCPv4 – [LAN] : DNS Servers all empty

5 - OPNsense - Services - Unbound DNS - General

       Tick: Enable Unbound ( Listen Port: 5353 )

       Tick: Enable DNSSEC Support
       Network Interfaces: All

6 - OPNsense - Services - Unbound - DNS over TLS

      Server IP:

      Server Port: 853

      Verify CN: cloudflare-dns.com

7 - Open an SSH tunnel to OPNsense and edit the following config file
--- Code: --- nano /usr/local/AdGuardHome/AdGuardHome.yaml
--- End code ---

7.1 - You need to change the following parts:

--- Code: ---bind_host:

--- End code ---

7.2 - Activate and start AdGuardHome from Services --> AdGuardHome

8 - Navigate to http://OPNsense ip:3000/ ( ) to complete the AdGuard setup

9 - AdGuard Home - DNS Configuration - Upstream Servers:

       Add    !!!Delete those that exist!!!

10 - AdGuard Home - DNS Configuration - Bootstrap DNS servers

       Add    !!!Delete those that exist!!!

11 - AdGuard Home - DNS Configuration - Private reverse DNS servers:


12 - Now go to Settings -> Encryption

       Pick "Encryption activation"

       Servername = opnsensehostname.your-local-domain.tld

       Tick: "Automatic HTTPS redirect"
       If you want to change the HTTPS port, do it in "HTTPS-Port"

       Under Certificate choose your certificate from the acme client, which should be located in:

--- Code: ---/var/etc/acme-client/home/*.your-local-domain.tld/fullchain.cer
--- End code ---

       Under Private Key choose your certificate from the acme client, which should be located in:

--- Code: ---/var/etc/acme-client/home/*.your-local-domain.tld/*.your-local-domain.tld.key
--- End code ---

13 - Save the settings
If you get a warning hint like: "validating certificate pair: certificates has no IP addresses; DNS-over-TLS won't be advertised via DDR", it's a known bug since version 0.127.16; with the update to version 0.127.19 the color is only white and not red like in x.16, x.17, x.18

With best regards

EDIT: If you want to check if your setup works correctly you can use this website https://www.cloudflare.com/de-de/ssl/encrypted-sni/
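
Added example, not part of the posts above and not AdGuard Home's own code: a Python check for steps 12 and 13 that tests whether a wildcard certificate's subject alternative names (SANs) cover the chosen server name, and whether the certificate carries any IP address, which is the condition the quoted warning names. The function names, the SAN values and the address 192.168.1.1 are constructed for illustration.

```python
import ipaddress

def san_covers(server_name, dns_sans):
    """True if a DNS SAN matches server_name; '*' stands for exactly one left-most label."""
    host = server_name.rstrip(".").lower().split(".")
    for san in dns_sans:
        pattern = san.rstrip(".").lower().split(".")
        if len(pattern) != len(host):
            continue  # wildcard never spans several labels, never matches the apex
        if pattern[0] == "*":
            # require at least two fixed labels so "*.tld" is never accepted
            if len(pattern) >= 3 and pattern[1:] == host[1:]:
                return True
        elif pattern == host:
            return True
    return False

def check_encryption_settings(server_name, sans):
    """Return findings for the server name / certificate pair entered in step 12."""
    dns_sans, ip_sans = [], []
    for entry in sans:
        try:
            ip_sans.append(ipaddress.ip_address(entry))
        except ValueError:
            dns_sans.append(entry)  # not an IP literal, treat as DNS name
    findings = []
    if not san_covers(server_name, dns_sans):
        findings.append("server name not covered by certificate")
    if not ip_sans:
        findings.append("no IP SANs: expect the DDR warning from step 13")
    return findings

if __name__ == "__main__":
    # Constructed sample: SAN list of a wildcard certificate for the local domain.
    wildcard_only = ["*.your-local-domain.tld"]
    for name in ("opnsense.your-local-domain.tld",
                 "your-local-domain.tld",
                 "adguard.opnsense.your-local-domain.tld"):
        print(name, "->", check_encryption_settings(name, wildcard_only) or "ok")
```

The SAN list of the real certificate can be read with `openssl x509 -in fullchain.cer -noout -ext subjectAltName` and passed in as a list of strings.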

DNS over IPsec didn't work with AdGuard and Unbound. Only with Unbound it worked. Can someone help?

Nobody has an idea? Or can someone test it to see if it works?

Hi all,

in addition to all the great manuals in this thread (because it drove me crazy):

If you use the mDNS repeater plugin you shouldn't use port 5353 for Unbound. It interferes with the repeater plugin and in my case it caused AdGuard not to start up after rebooting OPNsense. I had to start AdGuard manually then.
After using a different port in Unbound the problem has gone.

